Question 1
Question
James is building a disaster recovery plan for his organization and would like to determine the amount of acceptable data loss after an outage. What variable is James determining?
Answers
- A. SLA
- B. RTO
- C. MTD
- D. RPO
Question 2
Question
Fred needs to deploy a network device that can connect his network to other networks while controlling traffic on his network. What type of device is Fred’s best choice?
Answers
- A. A switch
- B. A bridge
- C. A gateway
- D. A router
Question 3
Question
Alex is preparing to solicit bids for a penetration test of his company’s network and systems. He wants to maximize the effectiveness of the testing rather than the realism of the test. What type of penetration test should he require in his bidding process?
Answers
- A. Black box
- B. Crystal box
- C. Gray box
- D. Zero box
Question 4
Question
Which one of the following is not a key process area for the Repeatable phase of the Software Capability Maturity Model (SWCMM)?
Answers
- A. Software Project Planning
- B. Software Quality Management
- C. Software Project Tracking
- D. Software Subcontract Management
Question 5
Question
Application banner information is typically recorded during what penetration testing phase?
Answers
- A. Planning
- B. Attack
- C. Reporting
- D. Discovery
Question 6
Question
What is the default subnet mask for a Class B network?
Answers
- A. 255.0.0.0
- B. 255.255.0.0
- C. 255.254.0.0
- D. 255.255.255.0
Question 7
Question
Jim has been asked to individually identify devices that users are bringing to work as part of a new BYOD policy. The devices will not be joined to a central management system like Active Directory, but he still needs to uniquely identify the systems. Which of the following options will provide Jim with the best means of reliably identifying each unique device?
Answers
- A. Record the MAC address of each system.
- B. Require users to fill out a form to register each system.
- C. Scan each system using a port scanner.
- D. Use device fingerprinting via a web-based registration system.
Question 8
Question
David works in an organization that uses a formal data governance program. He is consulting with an employee working on a project that created an entirely new class of data and wants to work with the appropriate individual to assign a classification level to that information. Who is responsible for the assignment of information to a classification level?
Answers
- A. Data creator
- B. Data owner
- C. CISO
- D. Data custodian
Question 9
Question
What type of inbound packet is characteristic of a ping flood attack?
Question 10
Question
Gabe is concerned about the security of passwords used as a cornerstone of his organization’s information security program. Which one of the following controls would provide the greatest improvement in Gabe’s ability to authenticate users?
Answers
- A. More complex passwords
- B. User education against social engineering
- C. Multifactor authentication
- D. Addition of security questions based on personal knowledge
Question 11
Question
The separation of network infrastructure from the control layer, combined with the ability to centrally program a network design in a vendor-neutral, standards-based implementation, is an example of what important concept?
Answers
- A. MPLS, a way to replace long network addresses with shorter labels and support a wide range of protocols
- B. FCoE, a converged protocol that allows common applications over Ethernet
- C. SDN, a converged protocol that allows network virtualization
- D. CDN, a converged protocol that makes common network designs accessible
Question 12
Question
Susan is preparing to decommission her organization’s archival DVD-ROMs that contain Top Secret data. How should she ensure that the data cannot be exposed?
Answers
- A. Degauss
- B. Zero wipe
- C. Pulverize
- D. Secure erase
Question 13
Question
What is the final stage of the Software Capability Maturity Model (SWCMM)?
Answers
- A. Repeatable
- B. Defined
- C. Managed
- D. Optimizing
Question 14
Question
Angie is configuring egress monitoring on her network to provide added security. Which one of the following packet types should Angie allow to leave the network headed for the Internet?
Answers
- A. Packets with a source address from Angie’s public IP address block
- B. Packets with a destination address from Angie’s public IP address block
- C. Packets with a source address outside Angie’s address block
- D. Packets with a source address from Angie’s private address block
Question 15
Question
Matt is conducting a penetration test against a Linux server and successfully gained access to an administrative account. He would now like to obtain the password hashes for use in a brute-force attack. Where is he likely to find the hashes, assuming the system is configured to modern security standards?
Answers
- A. /etc/passwd
- B. /etc/hash
- C. /etc/secure
- D. /etc/shadow
Question 16
Question
Theresa is implementing a new access control system and wants to ensure that developers do not have the ability to move code from development systems into the production environment. What information security principle is she most directly enforcing?
Answers
- A. Separation of duties
- B. Two-person control
- C. Least privilege
- D. Job rotation
Question 17
Question
Which one of the following tools may be used to achieve the goal of nonrepudiation?
Answers
- A. Digital signature
- B. Symmetric encryption
- C. Firewall
- D. IDS
Question 18
Question
In this diagram of the TCP three-way handshake, what should system A send to system B in step 3?
Answers
- A. ACK
- B. SYN
- C. FIN
- D. RST
Question 19
Question
What RADIUS alternative is commonly used for Cisco network gear and supports two-factor authentication?
Answers
- A. RADIUS+
- B. TACACS+
- C. XTACACS
- D. Kerberos
Question 20
Question
What two types of attacks are VoIP call managers and VoIP phones most likely to be susceptible to?
Question 21
Question
Vivian works for a chain of retail stores and would like to use a software product that restricts the software used on point-of-sale terminals to those packages on a preapproved list. What approach should Vivian use?
Answers
- A. Antivirus
- B. Heuristic
- C. Whitelist
- D. Blacklist
Question 22
Question
Hunter is the facilities manager for DataTech, a large data center management firm. He is evaluating the installation of a flood prevention system at one of DataTech’s facilities. The facility and contents are valued at $100 million. Installing the new flood prevention system would cost $10 million.
Hunter consulted with flood experts and determined that the facility lies within a 200-year flood plain and that, if a flood occurred, it would likely cause $20 million in damage to the facility.
Based on the information in this scenario, what is the exposure factor for the effect of a flood on DataTech’s data center?
Answers
- A. 2%
- B. 20%
- C. 100%
- D. 200%
Question 23
Question
Hunter is the facilities manager for DataTech, a large data center management firm. He is evaluating the installation of a flood prevention system at one of DataTech’s facilities. The facility and contents are valued at $100 million. Installing the new flood prevention system would cost $10 million.
Hunter consulted with flood experts and determined that the facility lies within a 200-year flood plain and that, if a flood occurred, it would likely cause $20 million in damage to the facility.
Based on the information in this scenario, what is the annualized rate of occurrence for a flood at DataTech’s data center?
Answers
- A. 0.002
- B. 0.005
- C. 0.02
- D. 0.05
Question 24
Question
Hunter is the facilities manager for DataTech, a large data center management firm. He is evaluating the installation of a flood prevention system at one of DataTech’s facilities. The facility and contents are valued at $100 million. Installing the new flood prevention system would cost $10 million.
Hunter consulted with flood experts and determined that the facility lies within a 200-year flood plain and that, if a flood occurred, it would likely cause $20 million in damage to the facility.
Based on the information in this scenario, what is the annualized loss expectancy for a flood at DataTech’s data center?
Answers
- A. $40,000
- B. $100,000
- C. $400,000
- D. $1,000,000
Question 25
Question
Which accounts are typically assessed during an account management assessment?
Answers
- A. A random sample
- B. Highly privileged accounts
- C. Recently generated accounts
- D. Accounts that have existed for long periods of time
Question 26
Question
Which one of the following tools might an attacker use to best identify vulnerabilities in a targeted system?
Answers
- A. Nmap
- B. Nessus
- C. ipconfig
- D. traceroute
Question 27
Question
What type of error occurs when a valid subject using a biometric authenticator is not authenticated?
Answers
- A. A Type 1 error
- B. A Type 2 error
- C. A Type 3 error
- D. A Type 4 error
Question 28
Question
Jackie is creating a database that contains the Customers table, shown here. She is designing a new table to contain Orders and plans to use the Company ID in that table to uniquely identify the customer associated with each order. What role does the Company ID field play in the Orders table?
Answers
- A. Primary key
- B. Foreign key
- C. Candidate key
- D. Referential key
Question 29
Question
What three types of interfaces are typically tested during software testing?
Answers
- A. Network, physical, and application interfaces
- B. APIs, UIs, and physical interfaces
- C. Network interfaces, APIs, and UIs
- D. Application, programmatic, and user interfaces
Question 30
Question
George is assisting a prosecutor with a case against a hacker who attempted to break into the computer systems at George’s company. He provides system logs to the prosecutor for use as evidence, but the prosecutor insists that George testify in court about how he gathered the logs. What rule of evidence requires George’s testimony?
Question 31
Question
Which of the following is not a valid use for key risk indicators?
Answers
- A. Provide warnings before issues occur.
- B. Provide real-time incident response information.
- C. Provide historical views of past risks.
- D. Provide insight into risk tolerance for the organization.
Question 32
Question
Which one of the following malware types uses built-in propagation mechanisms that exploit system vulnerabilities to spread?
Answers
- A. Trojan horse
- B. Worm
- C. Logic bomb
- D. Virus
Question 33
Question
Don’s company is considering the use of an object-based storage system where data is placed in a vendor-managed storage environment through the use of API calls. What type of cloud computing service is in use?
Answers
- A. IaaS
- B. PaaS
- C. CaaS
- D. SaaS
Question 34
Question
In what model of cloud computing do two or more organizations collaborate to build a shared cloud computing environment that is for their own use?
Answers
- A. Public cloud
- B. Private cloud
- C. Community cloud
- D. Shared cloud
Question 35
Question
Which one of the following is not a principle of the Agile approach to software development?
Answers
- A. The most efficient method of conveying information is electronic.
- B. Working software is the primary measure of progress.
- C. Simplicity is essential.
- D. Businesspeople and developers must work together daily.
Question 36
Question
Harry is concerned that accountants within his organization will use data diddling attacks to cover up fraudulent activity in accounts that they normally access. Which one of the following controls would best defend against this type of attack?
Question 37
Question
What class of fire extinguisher is capable of fighting electrical fires?
Answers
- A. Class A
- B. Class B
- C. Class C
- D. Class D
Question 38
Question
What important factor differentiates Frame Relay from X.25?
Answers
- A. Frame Relay supports multiple PVCs over a single WAN carrier connection.
- B. Frame Relay is a cell switching technology instead of a packet switching technology like X.25.
- C. Frame Relay does not provide a Committed Information Rate (CIR).
- D. Frame Relay only requires a DTE on the provider side.
Question 39
Question
Using the following table and your knowledge of the auditing process
As they prepare to migrate their data center to an infrastructure as a service (IaaS) provider, Susan’s company wants to understand the effectiveness of their new provider’s security, integrity, and availability controls. What SOC report would provide them with the most detail, including input from the auditor on the effectiveness of controls at the IaaS provider?
Question 40
Question
Metrics like the attack vector, complexity, exploit maturity, and how much user interaction is required are all found in what scoring system?
Answers
- A. CVE
- B. CVSS
- C. CNA
- D. NVD
Question 41
Question
Using the following table and your knowledge of the auditing process
Susan wants to ensure that the audit report that her organization requested includes input from an external auditor. What type of report should she request?
Answers
- A. SOC 2, Type 1
- B. SOC 3, Type 1
- C. SOC 2, Type 2
- D. SOC 3, Type 2
Question 42
Question
Using the following table and your knowledge of the auditing process
When Susan requests a SOC 2 report, she receives a SAS 70 report. What issue should Susan raise?
Answers
- A. SAS 70 does not include Type 2 reports, so control evaluation is only point in time.
- B. SAS 70 has been replaced.
- C. SAS 70 is a financial reporting standard and does not cover data centers.
- D. SAS 70 only uses a 3-month period for testing.
Question 43
Question
What two logical network topologies can be physically implemented as a star topology?
Question 44
Question
Bell-LaPadula is an example of what type of access control model?
Answers
- A. DAC
- B. RBAC
- C. MAC
- D. ABAC
Question 45
Question
Martha is the information security officer for a small college and is responsible for safeguarding the privacy of student records. What law most directly applies to her situation?
Answers
- A. HIPAA
- B. HITECH
- C. COPPA
- D. FERPA
Question 46
Question
What US law mandates the protection of protected health information?
Answers
- A. FERPA
- B. SAFE Act
- C. GLBA
- D. HIPAA
Question 47
Question
Which one of the following techniques can an attacker use to exploit a TOC/TOU vulnerability?
Question 48
Question
Susan is configuring her network devices to use syslog. What should she set to ensure that she is notified about issues but does not receive normal operational issue messages?
Answers
- A. The facility code
- B. The log priority
- C. The security level
- D. The severity level
Question 49
Question
What RAID level is also known as disk mirroring?
Answers
- A. RAID 0
- B. RAID 1
- C. RAID 3
- D. RAID 5
Question 50
Question
What type of firewall uses multiple proxy servers that filter traffic based on analysis of the protocols used for each service?
Answers
- A. A static packet filtering firewall
- B. An application-level gateway firewall
- C. A circuit-level gateway firewall
- D. A stateful inspection firewall
Question 51
Question
Surveys, interviews, and audits are all examples of ways to measure what important part of an organization’s security posture?
Question 52
Question
Tom is the general counsel for an Internet service provider, and he recently received notice of a lawsuit against the firm because of copyrighted content illegally transmitted over the provider’s circuits by a customer. What law protects Tom’s company in this case?
Question 53
Question
A Type 2 authentication factor that generates dynamic passwords based on a time- or algorithm-based system is what type of authenticator?
Answers
- A. A PIV
- B. A smart card
- C. A token
- D. A CAC
Question 54
Question
Fred’s new employer has hired him for a position with access to their trade secrets and confidential internal data. What legal tool should they use to help protect their data if he chooses to leave to work at a competitor?
Answers
- A. A stop-loss order
- B. An NDA
- C. An AUP
- D. Encryption
Question 55
Question
Which one of the following computing models allows the execution of multiple processes on a single processor by having the operating system switch between them without requiring modification to the applications?
Answers
- A. Multitasking
- B. Multiprocessing
- C. Multiprogramming
- D. Multithreading
Question 56
Question
How many possible keys exist when using a cryptographic algorithm that has an 8-bit binary encryption key?
Answers
- A. 16
- B. 128
- C. 256
- D. 512
Question 57
Question
What activity is being performed when you apply security controls based on the specific needs of the IT system that they will be applied to?
Answers
- A. Standardizing
- B. Baselining
- C. Scoping
- D. Tailoring
Question 58
Question
During what phase of the electronic discovery process does an organization perform a rough cut of the information gathered to discard irrelevant information?
Answers
- A. Preservation
- B. Identification
- C. Collection
- D. Processing
Question 59
Question
Ben’s job is to ensure that data is labeled with the appropriate sensitivity label. Since Ben works for the US government, he has to apply the labels Unclassified, Confidential, Secret, and Top Secret to systems and media. If Ben is asked to label a system that handles Secret, Confidential, and Unclassified information, how should he label it?
Answers
- A. Mixed classification
- B. Confidential
- C. Top Secret
- D. Secret
Question 60
Question
Susan has discovered that the smart card-based locks used to keep the facility she works at secure are not effective because staff members are propping the doors open. She places signs on the doors reminding staff that leaving the door open creates a security issue, and she adds alarms that will sound if the doors are left open for more than five minutes. What type of controls has she put into place?
Answers
- A. Physical
- B. Administrative
- C. Compensation
- D. Recovery
Question 61
Question
Ben is concerned about password cracking attacks against his system. He would like to implement controls that prevent an attacker who has obtained those hashes from easily cracking them. What two controls would best meet this objective?
Answers
- A. Longer passwords and salting
- B. Over-the-wire encryption and use of SHA1 instead of MD5
- C. Salting and use of MD5
- D. Using shadow passwords and salting
Question 62
Question
Amanda is considering the implementation of a database recovery mechanism recommended by a consultant. In the recommended approach, an automated process will move records of transactions from the primary site to a backup site on an hourly basis. What type of database recovery technique is the consultant describing?
Answers
- A. Electronic vaulting
- B. Transaction logging
- C. Remote mirroring
- D. Remote journaling
Question 63
Question
Which group is best suited to evaluate and report on the effectiveness of administrative controls an organization has put in place to a third party?
Question 64
Question
A process on a system needs access to a file that is currently in use by another process. What state will the process scheduler place this process in until the file becomes available?
Answers
- A. Running
- B. Ready
- C. Waiting
- D. Stopped
Question 65
Question
Renee is using encryption to safeguard sensitive business secrets when in transit over the Internet. What risk metric is she attempting to lower?
Answers
- A. Likelihood
- B. RTO
- C. MTO
- D. Impact
Question 66
Question
As part of hiring a new employee, Kathleen’s identity management team creates a new user object and ensures that the user object is available in the directories and systems where it is needed. What is this process called?
Answers
- A. Registration
- B. Provisioning
- C. Population
- D. Authenticator loading
Question 67
Question
Ricky would like to access a remote file server through a VPN connection. He begins this process by connecting to the VPN and attempting to log in. Applying the subject/object model to this request, what is the subject of Ricky’s login attempt?
Question 68
Question
Alice is designing a cryptosystem for use by six users and would like to use a symmetric encryption algorithm. She wants any two users to be able to communicate with each other without worrying about eavesdropping by a third user. How many symmetric encryption keys will she need to generate?
Question 69
Question
Which one of the following intellectual property protection mechanisms has the shortest duration?
Answers
- A. Copyright
- B. Patent
- C. Trademark
- D. Trade secret
Question 70
Question
Which of the following is not a code review process?
Answers
- A. Email pass-around
- B. Over the shoulder
- C. Pair programming
- D. IDE forcing
Question 71
Question
Gordon is developing a business continuity plan for a manufacturing company’s IT operations. The company is located in North Dakota and is currently evaluating the risk of earthquake. They choose to pursue a risk acceptance strategy. Which one of the following actions is consistent with that strategy?
Answers
- A. Purchasing earthquake insurance
- B. Relocating the data center to a safer area
- C. Documenting the decision-making process
- D. Reengineering the facility to withstand the shock of an earthquake
Question 72
Question
Carol would like to implement a control that protects her organization from the momentary loss of power to the data center. Which control is most appropriate for her needs?
Answers
- A. Redundant servers
- B. RAID
- C. UPS
- D. Generator
Question 73
Question
Ben has encountered problems with users in his organization reusing passwords, despite a requirement that they change passwords every 30 days. What type of password setting should Ben employ to help prevent this issue?
Answers
- A. Longer minimum age
- B. Increased password complexity
- C. Implement password history
- D. Implement password length requirements
Question 74
Question
Chris is conducting a risk assessment for his organization and has determined the amount of damage that a single flood could be expected to cause to his facilities. What metric has Chris identified?
Answers
- A. ALE
- B. SLE
- C. ARO
- D. AV
Question 75
Question
The removal of a hard drive from a PC before it is retired and sold as surplus is an example of what type of action?
Answers
- A. Purging
- B. Sanitization
- C. Degaussing
- D. Destruction
Question 76
Question
During which phase of the incident response process would an organization determine whether it is required to notify law enforcement officials or other regulators of the incident?
Answers
- A. Detection
- B. Recovery
- C. Remediation
- D. Reporting
Question 77
Question
What OASIS standard markup language is used to generate provisioning requests both within organizations and with third parties?
Answers
- A. SAML
- B. SPML
- C. XACML
- D. SOA
Question 78
Question
Michelle is in charge of her organization’s mobile device management efforts and handles lost and stolen devices. Which of the following recommendations will provide the most assurance to her organization that data will not be lost if a device is stolen?
Answers
- A. Mandatory passcodes and application management
- B. Full device encryption and mandatory passcodes
- C. Remote wipe and GPS tracking
- D. Enabling GPS tracking and full device encryption
Question 79
Question
Susan’s SMTP server does not authenticate senders before accepting and relaying email. What is this security configuration issue known as?
Question 80
Question
The large business that Jack works for has been using noncentralized logging for years. They have recently started to implement centralized logging, however, and as they reviewed logs, they discovered a breach that appeared to have involved a malicious insider.
When the breach was discovered and the logs were reviewed, it was discovered that the attacker had purged the logs on the system that they compromised. How can this be prevented in the future?
Question 81
Question
The large business that Jack works for has been using noncentralized logging for years. They have recently started to implement centralized logging, however, and as they reviewed logs, they discovered a breach that appeared to have involved a malicious insider.
How can Jack detect issues like this using his organization’s new centralized logging?
Question 82
Question
The large business that Jack works for has been using noncentralized logging for years. They have recently started to implement centralized logging, however, and as they reviewed logs, they discovered a breach that appeared to have involved a malicious insider.
How can Jack best ensure accountability for actions taken on systems in his environment?
Answers
- A. Log review and require digital signatures for each log.
- B. Require authentication for all actions taken and capture logs centrally.
- C. Log the use of administrative credentials and encrypt log data in transit.
- D. Require authorization and capture logs centrally.
Question 83
Question
Ed’s organization has 5 IP addresses allocated to them by their ISP but needs to connect over 100 computers and network devices to the Internet. What technology can he use to connect his entire network via the limited set of IP addresses he can use?
Answers
- A. IPsec
- B. PAT
- C. SDN
- D. IPX
Question 84
Question
What type of attack would the following precautions help prevent?
- Requesting proof of identity
- Requiring callback authorizations on voice-only requests
- Not changing passwords via voice communications
Answers
- A. DoS attacks
- B. Worms
- C. Social engineering
- D. Shoulder surfing
Question 85
Question
Fred’s organization needs to use a non-IP protocol on their VPN. Which of the common VPN protocols should he select to natively handle non-IP protocols?
Answers
- A. PPTP
- B. L2F
- C. L2TP
- D. IPsec
Question 86
Question
Residual data is another term for what type of data left after attempts have been made to erase it?
Answers
- A. Leftover data
- B. MBR
- C. Bitrot
- D. Remnant data
Question 87
Question
Fred finds a packet that his protocol analyzer shows with both PSH and URG set. What type of packet is he looking at, and what do the flags mean?
Answers
- A. A UDP packet; PSH and URG are used to indicate that the data should be sent at high speed
- B. A TCP packet; PSH and URG are used to clear the buffer and indicate that the data is urgent
- C. A TCP packet; PSH and URG are used to preset the header and indicate that the speed of the network is unregulated
- D. A UDP packet; PSH and URG are used to indicate that the UDP buffer should be cleared and that the data is urgent
Question 88
Question
Which one of the following disaster recovery test types involves the actual activation of the disaster recovery facility?
Answers
- A. Simulation test
- B. Tabletop exercise
- C. Parallel test
- D. Checklist review
Question 89
Question
What access control system lets owners decide who has access to the objects they own?
Answers
- A. Role-based access control
- B. Task-based access control
- C. Discretionary access control
- D. Rule-based access control
Question 90
Question
Using a trusted channel and link encryption are both ways to prevent what type of access control attack?
Question 91
Question
Which one of the following is not one of the canons of the (ISC)2 Code of Ethics?
Answers
- A. Protect society, the common good, necessary public trust and confidence, and the infrastructure.
- B. Act honorably, honestly, justly, responsibly, and legally.
- C. Provide diligent and competent service to principals.
- D. Maintain competent records of all investigations and assessments.
Question 92
Question
Which one of the following components should be included in an organization’s emergency response guidelines?
Answers
- A. Immediate response procedures
- B. Long-term business continuity protocols
- C. Activation procedures for the organization’s cold sites
- D. Contact information for ordering equipment
Question 93
Question
Ben is working on integrating a federated identity management system and needs to exchange authentication and authorization information for browser-based single sign-on. What technology is his best option?
Answers
- A. HTML
- B. XACML
- C. SAML
- D. SPML
Question 94
Question
What is the minimum interval at which an organization should conduct business continuity plan refresher training for those with specific business continuity roles?
Answers
- A. Weekly
- B. Monthly
- C. Semiannually
- D. Annually
Question 95
Question
What is the minimum number of cryptographic keys necessary to achieve strong security when using the 3DES algorithm?
Question 96
Question
What approach to technology management integrates the three components of technology management shown in this illustration?
Answers
- A. Agile
- B. Lean
- C. DevOps
- D. ITIL
Question 97
Question
Lauren wants to monitor her LDAP servers to identify what types of queries are causing problems. What type of monitoring should she use if she wants to be able to use the production servers and actual traffic for her testing?
Answers
- A. Active
- B. Real-time
- C. Passive
- D. Replay
Question 98
Question
Steve is developing an input validation routine that will protect the database supporting a web application from SQL injection attack. Where should Steve place the input validation code?
Answers
- A. JavaScript embedded in the web pages
- B. Backend code on the web server
- C. Stored procedure on the database
- D. Code on the user’s web browser
Question 99
Question
Linda is selecting a disaster recovery facility for her organization, and she wishes to retain independence from other organizations as much as possible. She would like to choose a facility that balances cost and recovery time, allowing activation in about one week after a disaster is declared. What type of facility should she choose?
Question 100
Question
Ben is selecting an encryption algorithm for use in an organization with 10,000 employees. He must facilitate communication between any two employees within the organization. Which one of the following algorithms would allow him to meet this goal with the least time dedicated to key management?
Answers
- A. RSA
- B. IDEA
- C. 3DES
- D. Skipjack
Frage 101
Frage
Grace is considering the use of new identification cards in her
organization that will be used for physical access control. She comes
across the sample card shown here and is unsure of the technology it
uses. What type of card is this?
Antworten
-
A. Smart card
-
B. Phase-two card
-
C. Proximity card
-
D. Magnetic stripe card
Frage 102
Frage
What type of log file is shown in this figure?
Antworten
-
A. Application
-
B. Web server
-
C. System
-
D. Firewall
Frage 103
Frage
Which one of the following activities transforms a zero-day
vulnerability into a less dangerous attack vector?
Antworten
-
A. Discovery of the vulnerability
-
B. Implementation of transport-layer encryption
-
C. Reconfiguration of a firewall
-
D. Release of a security patch
Frage 104
Frage
Which one of the following is an example of a hardening provision that
might strengthen an organization’s existing physical facilities and
avoid implementation of a business continuity plan?
Antworten
-
A. Patching a leaky roof
-
B. Reviewing and updating firewall access control lists
-
C. Upgrading operating systems
-
D. Deploying a network intrusion detection system
Frage 105
Frage
Susan wants to monitor traffic between systems in a VMWare
environment. What solution would be her best option to monitor that
traffic?
Antworten
-
A. Use a traditional hardware-based IPS.
-
B. Install Wireshark on each virtual system.
-
C. Set up a virtual span port and capture data using a VM IDS.
-
D. Use netcat to capture all traffic sent between VMs.
Question 106
Question
Matthew and Richard are friends located in different physical
locations who would like to begin communicating with each other
using cryptography to protect the confidentiality of their
communications. They exchange digital certificates to begin this
process and plan to use an asymmetric encryption algorithm for
the secure exchange of email messages.
When Matthew sends Richard a message, what key should he use to
encrypt the message?
Answers
- A. Matthew’s public key
- B. Matthew’s private key
- C. Richard’s public key
- D. Richard’s private key
Question 107
Question
Matthew and Richard are friends located in different physical
locations who would like to begin communicating with each other
using cryptography to protect the confidentiality of their
communications. They exchange digital certificates to begin this
process and plan to use an asymmetric encryption algorithm for
the secure exchange of email messages.
When Richard receives the message from Matthew, what key should
he use to decrypt the message?
Answers
- A. Matthew’s public key
- B. Matthew’s private key
- C. Richard’s public key
- D. Richard’s private key
Question 108
Question
Matthew and Richard are friends located in different physical
locations who would like to begin communicating with each other
using cryptography to protect the confidentiality of their
communications. They exchange digital certificates to begin this
process and plan to use an asymmetric encryption algorithm for
the secure exchange of email messages.
Matthew would like to enhance the security of his communication by
adding a digital signature to the message. What goal of cryptography
are digital signatures intended to enforce?
Answers
- A. Secrecy
- B. Availability
- C. Confidentiality
- D. Nonrepudiation
Question 109
Question
Matthew and Richard are friends located in different physical
locations who would like to begin communicating with each other
using cryptography to protect the confidentiality of their
communications. They exchange digital certificates to begin this
process and plan to use an asymmetric encryption algorithm for
the secure exchange of email messages.
When Matthew goes to add the digital signature to the message, what
encryption key does he use to create the digital signature?
Answers
- A. Matthew’s public key
- B. Matthew’s private key
- C. Richard’s public key
- D. Richard’s private key
Question 110
Question
When Jim logs into a system, his password is compared to a hashed
value stored in a database. What is this process?
Answers
- A. Identification
- B. Hashing
- C. Tokenization
- D. Authentication
Question 111
Question
What is the primary advantage of decentralized access control?
Answers
- A. It provides better redundancy.
- B. It provides control of access to people closer to the resources.
- C. It is less expensive.
- D. It provides more granular control of access.
Question 112
Question
Which of the following types of controls does not describe a mantrap?
Answers
- A. Deterrent
- B. Preventive
- C. Compensating
- D. Physical
Question 113
Question
Sally’s organization needs to be able to prove that certain staff
members sent emails, and she wants to adopt a technology that will
provide that capability without changing their existing email system.
What is the technical term for the capability Sally needs to implement
as the owner of the email system, and what tool could she use to do it?
Question 114
Question
Which one of the following background checks is not normally
performed during normal pre-hire activities?
Question 115
Question
Margot is investigating suspicious activity on her network and uses a
protocol analyzer to sniff inbound and outbound traffic. She notices an
unusual packet that has identical source and destination IP addresses.
What type of attack uses this packet type?
Answers
- A. Fraggle
- B. Smurf
- C. Land
- D. Teardrop
Question 116
Question
Which of the following vulnerabilities might be discovered during a
penetration test of a web-based application?
Question 117
Question
In the OSI model, when a packet changes from a data stream to a
segment or a datagram, what layer has it traversed?
Answers
- A. The Transport layer
- B. The Application layer
- C. The Data Link layer
- D. The Physical layer
Question 118
Question
Tommy handles access control requests for his organization. A user
approaches him and explains that he needs access to the human
resources database in order to complete a headcount analysis
requested by the CFO. What has the user demonstrated successfully to
Tommy?
Answers
- A. Clearance
- B. Separation of duties
- C. Need to know
- D. Isolation
Question 119
Question
During which phase of the incident response process would
administrators design new security controls intended to prevent a
recurrence of the incident?
Answers
- A. Reporting
- B. Recovery
- C. Remediation
- D. Lessons Learned
Question 120
Question
Kathleen wants to set up a service to provide information about her
organization’s users and services using a central, open, vendor-neutral,
standards-based system that can be easily queried. Which of
the following technologies is her best choice?
Answers
- A. RADIUS
- B. LDAP
- C. Kerberos
- D. Active Directory
Question 121
Question
Bethany received an email from one of her colleagues with an
unusual attachment named smime.p7s. She does not recognize the
attachment and is unsure what to do. What is the most likely
scenario?
Answers
- A. This is an encrypted email message.
- B. This is a phishing attack.
- C. This is embedded malware.
- D. This is a spoofing attack.
Question 122
Question
What type of firewall is capable of inspecting traffic at layer 7 and
performing protocol-specific analysis for malicious traffic?
Question 123
Question
Alice would like to add another object to a security model and grant
herself rights to that object. Which one of the rules in the Take-Grant
protection model would allow her to complete this operation?
Answers
- A. Take rule
- B. Grant rule
- C. Create rule
- D. Remove rule
Question 124
Question
What type of assessment methods are associated with mechanisms
and activities based on the recommendations of NIST SP 800-53A,
the Guide for Assessing Security Controls in Federal Information
Systems?
Answers
- A. Examine and interview
- B. Test and assess
- C. Test and interview
- D. Examine and test
Question 125
Question
Colin is reviewing a system that has been assigned the EAL7
evaluation assurance level under the Common Criteria. What is the
highest level of assurance that he may have about the system?
Answers
- A. It has been functionally tested.
- B. It has been methodically tested and checked.
- C. It has been methodically designed, tested, and reviewed.
- D. It has been formally verified, designed, and tested.